| author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-07-20 14:15:55 +0000 |
|---|---|---|
| committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-07-20 14:15:55 +0000 |
| commit | aebd6ed3d73da56409593b4d500748959d8c1cea (patch) | |
| tree | fb21057e0234a2f459cc502fccab0ecb7e6bab0d /bindings/java/tests/Test.java | |
| parent | 52d9fba0fa28be83571a267e30757f2699340d90 (diff) | |
[SAMLv2] simplify logic for handling AuthnResponse with binding HTTP-Post

The logic is now simpler:
- first lasso_saml20_profile_process_any_response checks the signature
  on the message
- then lasso_saml20_login_process_response_status_and_assertion
  traverses all the assertions:
  - if the message is signed, all assertions from the same issuer are
    automatically accepted,
  - if the message is not signed, or the signature validation failed,
    or the assertion has a different issuer than the message, we check
    the signature directly on the assertion. If any of the assertions
    fails the signature check, the result will be
    LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE.

The public field profile->signature_status will contain only the message
level signature status, each assertion signature status is not
accessible. That will change when signature and key handling is
reworked.

Diffstat (limited to 'bindings/java/tests/Test.java')
0 files changed, 0 insertions, 0 deletions
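
The acceptance rule described in the commit message, modeled as an added example that is not Lasso's code. The types, function names, and sample issuers are hypothetical, and signature verification is represented by a precomputed status rather than performed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model, not Lasso's types: each status stands for the
 * outcome of a signature verification that already ran. */
enum sig_status { SIG_VALID, SIG_INVALID, SIG_ABSENT };
enum result { RESULT_OK = 0, RESULT_CANNOT_VERIFY_SIGNATURE = -1 };

struct assertion { const char *issuer; enum sig_status signature; };
struct response {
    const char *issuer;
    enum sig_status signature;          /* message-level status */
    const struct assertion *assertions;
    size_t n_assertions;
};

/* The message signature vouches for an assertion only when it verified
 * and the assertion names the same issuer as the message. */
static int covered_by_message(const struct response *r,
                              const struct assertion *a)
{
    return r->signature == SIG_VALID && r->issuer && a->issuer
        && strcmp(r->issuer, a->issuer) == 0;
}

/* Every assertion not covered by the message signature must carry its
 * own valid signature; one failure rejects the whole response. */
enum result check_assertions(const struct response *r)
{
    for (size_t i = 0; i < r->n_assertions; i++) {
        const struct assertion *a = &r->assertions[i];
        if (covered_by_message(r, a))
            continue;
        if (a->signature != SIG_VALID)
            return RESULT_CANNOT_VERIFY_SIGNATURE;
    }
    return RESULT_OK;
}

/* Constructed sample: a response from idp.example with two assertions. */
enum result demo(enum sig_status msg, const char *issuer2,
                 enum sig_status s1, enum sig_status s2)
{
    struct assertion as[2] = { { "https://idp.example", s1 },
                               { issuer2, s2 } };
    struct response r = { "https://idp.example", msg, as, 2 };
    return check_assertions(&r);
}
```

The case to watch is a validly signed message that carries an unsigned assertion from a different issuer: the message signature does not extend to it, so the response is rejected.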
